package com.forezp.config;

import com.forezp.service.security.UserServiceDetail;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

import javax.sql.DataSource;

/**********************************************************************
 * &lt;p&gt;文件名：OAuth2AuthorizationConfig.java &lt;/p&gt;
 * &lt;p&gt;文件描述：${DESCRIPTION}(描述该文件做什么)
 * @project_name：spring-cloud-auth
 * @author zengshunyao
 * @date 2019/2/20 10:33
 * @history
 * @department：政务事业部
 * Copyright ChengDu Funi Cloud Code Technology Development CO.,LTD 2014
 *                    All Rights Reserved.
 */
@EnableResourceServer
@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    @Qualifier("dataSource")
    private DataSource dataSource;
    //private TokenStore tokenStore = new InMemoryTokenStore();

    JdbcTokenStore tokenStore = new JdbcTokenStore(dataSource);

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserServiceDetail userServiceDetail;

    /**
     * 配置 客户端
     * ClientDetailsServiceConfigurer
     *
     * @param clients
     * @throws Exception
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {

        clients.inMemory()
                //创建clientId为browser的客户端
                .withClient("browser")
                //配置验证类型为refresh_token和password
                .authorizedGrantTypes("refresh_token", "password")
                //配置客户端域为ui
                .scopes("ui")
                .and()
                //创建另一个客户端，clientId为service-hi的客户端
                .withClient("service-hi")
                //密码 123456
                .secret("123456")
                //配置验证类型为client_credentials、refresh_token和password
                .authorizedGrantTypes("client_credentials", "refresh_token", "password")
                //配置客户端域为server
                .scopes("server");

    }

    /**
     * 配置 token
     * AuthorizationServerEndpointsConfigurer
     *
     * @param endpoints
     * @throws Exception
     */

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                //token的存储方式
                .tokenStore(tokenStore)
                //授权管理
                .authenticationManager(authenticationManager)
                //读取验证用户信息
                .userDetailsService(userServiceDetail);
    }

    /**
     * 配置
     * AuthorizationServerSecurityConfigurer
     *
     * @param oauthServer
     * @throws Exception
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()");

    }
}
